ietf
[Top] [All Lists]

RE: [dhcwg] Gen-ART and OPS-Dir review of draft-wkumari-dhc-capport-13

2015-07-13 10:16:11

On Saturday, July 11, 2015 8:50 AM, joel jaeggli wrote

...
[5] Section 5:

   Fake
   DHCP servers / fake RAs are currently a security concern - this
   doesn't make them any better or worse.

Please cite a reference for this, preferably with operational 
recommendations on limiting these problems (e.g., ensure that DHCP and 
RA traffic cannot be injected from outside/beyond the network that is 
relevant to the portal).

There is definitely an attack vector there. Suppose an attacker can monitor the 
traffic, say on an unencrypted Wi-Fi hot spot. The attacker can see a DHCP 
request or INFORM, and race in a fake response with an URL of their own 
choosing. The mark's computer automatically connects there, and download some 
zero-day attack. Bingo!
 
 -- Christian Huitema